June 1, 2010 :: This article has been updated, coinciding with the release of SharePoint 2010 RTM. You can access my recent article “Configuring the User Profile Service in SharePoint 2010” here.
Welcome back to part 2 of this series in getting the basic bits and pieces of SharePoint 2010 beta up and running. If you recall in part 1, I provided a step by step guide in installing SharePoint 2010 Beta on a Windows 2008 R2 server. Today’s article will extend our setup and I will be providing another step by step guide in configuring SharePoint 2010 Service Applications in particular the User Profile Service in which I will create an Active Directory connection to import our users. Before delving into the step by step guide, let me provide you with a primer on Service Applications in SharePoint 2010.
Service Applications is the new model adopted by Microsoft in SharePoint 2010 to replace the Shared Services Provider (SSP) model that was introduced in SharePoint Server (MOSS) 2007. Service Applications in SharePoint 2010 is aimed at allowing for greater flexibility over the legacy SSP model and is now incorporated into WSS 4 or commonly referred to as SharePoint Foundation 2010. Some of the notable enhancements with Service Applications over SSP include the following;
- different sets of services can be associated with different web applications
- web applications can be configured to only use the services that they need
- publishing a service application allows for sharing across multiple server farms (applies to some services only)
- 3rd party integration into the service applications model is now possible
- There isn’t a separate site for service applications (i.e. accessible via Central Administration and not via a separate site as is the case with SSP in SharePoint Server 2007.
In part 1 of this series, we finished off with the installation of SharePoint 2010. Upon completion of the installation, the Farm Configuration Wizard should launch automatically, however you can also invoke the same wizard by navigating to SharePoint Central Administration / Configuration Wizards.
Under farm configuration, click on Launch the Farm configuration wizard
As this is our first time in configuring the SharePoint Farm, click on “Walk me through the settings using this wizard” option and click Next.
The following screen provides you with the ability to set your Service Account. It would be best practice to select “Create new Managed account”, however with all the issues around beta and service accounts I would recommend using your Domain Administrator account. Remember, SharePoint 2010 is still in beta and should only be setup in a development environment for testing purposes.
A list of the service applications is also displayed below and I will keep the default services selected which is everything excluding the Lotus Notes Connector.
Click Next. I’ve seen the following “Processing” screen a few times now with the SharePoint 2010 install and is very re-assuring if I must say.
You will be greeted with the Create Site Collection page in which we will Skip in this instance. I will be providing you with a step by step guide in creating your first Web Application and Site Collection in part 3 of this series which will follow shortly after this post. Stay tuned 🙂
This now completes the Farm Configuration Wizard which is a breeze I must say. Below are all the services that are running by default.
If we now navigate to Central Administration / System Settings / Manage servers in this farm, you will notice that our Services Running in the farm has expanded to include the Application Services.
This concludes the first part of this article in getting SharePoint 2010 service applications up and running. We will now focus our efforts in configuring our user profile service application. Word of warning, there are elements below that are workarounds around potential issues you may encounter with the beta. But if you follow my instructions, you should reach the final outcome, which is successfully importing your users. Note: Please ensure you read the rest of the article in its entirety before proceeding with your own configuration, as this will ensure you won’t need to double up in any step (you will know what I mean when you read on)
Let’s begin by navigating to SharePoint 2010 Central Administration / Application Management / Manage service applications / User Profile Service Application.
You will notice on the far right that our user and organization properties are present but our user profiles are currently non existent.
Under Synchronization, select Configure Synchronization Connections.
Click on Create New Connection
Enter the details as follows;
Connection Name: My Active Directory Domain
Type: Active Directory
Connection Settings: Specify a domain controller (type in the fully qualified domain name (fqdn) of your Active Directory Server) – Note: I had issues populating the containers when using the Auto discover method (details and error below)
Authentication Provider Type: Windows Authentication
Account name: Domain\Administrator
Click on Populate Containers which should enumerate your Active Directory Tree. This is a welcome enhancement in SharePoint 2010 removing the need to type in the correct active directory lookup syntax.
Note from above: I actually needed to specify a domain controller. The Auto discover option above did not work for me and kept giving me the below error “The distinguished name contains invalid syntax “ when attempting to “Populate Containers” I would be interested to know if others have encountered the same issue.
After selecting your container, click OK.
Now, the bugs begin. The page redirects back to the “Create New Connection” page but it’s blank! I was actually able to reproduce this issue on 2 separate installs and farm configurations.
The issue lies with the Forefront Identity Manager (FIM) Services which I have listed as follows. I launched Services under Windows 2008 R2 Administrative Tools on my SharePoint server to find the following 2 services in the following state.
- Forefront Identity Manager Service – Logon as Local System (Disabled)
- Forefront Identity Manager Synchronization Service – Log on as \ (Disabled)
The Microsoft SharePoint Team Blog goes in some detail regarding these services in which I have provided a link below as reference.
In order to fix our FIM services state we need to navigate to Central Administration / System Settings / Manage services on server. You will be presented with a list of your application services and you will notice that both the User Profile Service and User Profile Synchronisation Service are actually started (well in my case they were).
Click on Stop for both services and then start them again. This will fix the Forefront Identity service issues and you will notice that these will now be set to automatic with the correct logon permissions; We are now cooking with gas!
If your connection is still not listed under Synchronization Connections then you will need to re-create it as per the instructions provided above. Yes! painful, but I guarantee it will work the second time, now that our FIM services have started correctly in Windows services. As you can see from the below screen shot, I was eventually able to create my first Active Directory Connection.
We are now ready to click on Start Profile Synchronization!
Click on Start Incremental Synchronization.
It may look like that nothing is actually occurring but the synchronization process is actually happening in the background. To confirm that this is the case, if I click on Start Profile Synchronization soon after, I will receive the below popup message;
Note: This process took approximately 10 minutes for 8 users in my environment, but again this is beta. Hopefully things will speed up when SharePoint 2010 RTM’s.
Let’s now venture to Manage User Profiles;
You will be greeted with “There are no results to display” and no user profiles listed, (even though it specifies a total number of profiles being 8 in my case) .
This is another gotcha and it looks like things have changed here a little and you will now need to search for your users, as opposed to them automatically appearing.
We have now successfully completed our import of our Active Directory users into our user profile service application. In the next article in this series I will provide you with the steps required to create your first Web Application and Site Collection. This will provide us with a nice base to play around with, and begin exploring the plethora of goodies that are available with SharePoint 2010.
Be sure to add your own experiences in configuring the user profile service application below.
Stay tuned, the journey with SharePoint 2010 has only just begun.
Path to User Profile Synchronization success in SharePoint 2010 Beta http://blogs.msdn.com/sharepoint/archive/2009/11/18/path-to-user-profile-synchronization-success-in-sharepoint-2010-beta.aspx
Configure Profile Synchronization (SharePoint Server 2010) http://technet.microsoft.com/en-us/library/ee721049(office.14).aspx
Articles in this series;